plugin-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script 'scripts/package_skill.py' uses subprocess to run a hardcoded git command to find the repository root. This is a safe environment discovery operation.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill requires the 'pyyaml' package for parsing configuration files, which is a standard and well-known dependency.
- [DYNAMIC_EXECUTION] (SAFE): The 'scripts/quick_validate.py' script correctly uses 'yaml.safe_load()' to parse YAML frontmatter, preventing potential unsafe deserialization attacks.
- [DATA_EXPOSURE] (SAFE): The packaging functionality involves reading files from a user-provided directory to create a compressed skill archive, which is consistent with the skill's stated purpose.
Audit Metadata